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Abstract 

A binary Byzantine agreement algorithm can be extended to produce a multivalued Byzantine 
agreement algorithm. The resulting multivalued algorithm is cheaper than previously published 
algorithms when the cost of transmitting values from the multivalued domain is significant. 
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introduction 

The concern of this paper is a set of potentially faulty processes that engage in a distributed 
computation to agree on some piece of information. Each process enters the computation with an 
initial value. The computation returns a common result value to each correct process. If all correct 
processes begin the computation with identical initial values, then the result value equals the initial 
value. 

The computation can be briefly characterized as follows. The computation is fully distributed 
and symmetric. It includes several rounds of synchronous message exchange over a completely 
connected, totally reliable communications network. The correct processes communicate only 
through messages. The communications network correctly identifies the sender of each message to 
the recipient of the message. Processes are assumed to have no signature ability (authentication). 
That is, there is no immediate way of detecting whether or not a relayed message has been altered. 

A process fails if it does not successfully perform the actions prescribed by the agreement 
algorithm. No assumptions are made restricting the messages sent by faulty processes. One can 
imagine that all faulty processes act maliciously, in collusion, and with magical knowledge of the state 
of the distributed system. 

A computation that functions as described above solves the Byzantine generals problem 
without authentication [3]. (Authenticated protocols protect relayed messages from alteration.) Let P 
be the number of processes that engage in the agreement computation and let T be an upper bound 
on the number of processes that may fail during the agreement computation. Byzantine agreement 
without authentication requires P>3T [6], and cannot be achieved in fewer than T + 1 rounds [4]. 

A less general formulation of the problem assumes that a distinguished process transmits 
initial values to the other processes. This paper makes no assumption about the source of the 
processes's initial values. 



■: ; ^,'vS5*v 



This paper describes a method for extending a binary Byzantine agreement algorithm to reach 
agreement on values from an arbitrary domain V. Any binary algorithm that does not require a 
distinguished transmitter process may be used. Two rounds are prepended to the binary algorithm. 
In the first round, each process sends every other process its initial value. In the second round, each 
process broadcasts a single bit of information by sending or not sending null messages. The third and 
subsequent rounds follow the chosen binary algorithm. 

Previous algorithms for reaching Byzantine agreement on values from an arbitrary domain V 
require processes to send messages whose length depends on the size of V in each round of the 
computation. Using the extension described in this paper/messages whose length depends on the 
size of V are sent only in the first round. Since the time that must be allotted each round of the 
computation depends in part on the length of messages sent in the round, the extension enables 
significant savings when the domain is large. 

The prepended rounds are an integral part of the extended computation. In particular, 
agreement can be guaranteed only if no more than T processes fail during the computation, including 
the first two rounds, where P>3T. (The chosen binary algorithm may make additional assumptions.) 

The body of this paper contains three sections: a description of the extension, a proof of its 
correctness, and a discussion of implementation concerns and performance characteristics. 

Description of the Extension 

In the first round, each process sends its initial value to every other process- A process is said 
to be perplexed if, in the first round, it receives at least as many as (P - T)/2 initial values different 
from its own. Processes that are not perplexed are said to be content In the second round, each 
perplexed process sends a message to every other process. The semantics of this message is just "I 
am perplexed". 

Each process maintains three local variables: two arrays indexed by process number and a 
boolean. These variables are are assigned values during the first two rounds. For process j, and i*j, 
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these variables are defined as follows: 

v(j) The processes initial value. 

v(i) The initial value received from process i. 

p(j) A boolean that is set true if and only if process j is perplexed, that is, v(j)*v(i) for at 

least as many as (P - T)/2 distinct values of i. 
p(i) A boolean that is set true if and only if process i sent a message claiming it is 

perplexed, 
alert A boolean that is set true if and only if at least as many as P - 2T elements of p are true. 

The binary computation is used to reach agreement on alert. If the binary computation agrees 
alert- true, there are correct processes with different initial values from V. In this case, all correct 
processes use a predefined default value from V as the. result of the extended computation. If 
agreement is alert = false, then all correct content processes have the same initial value from V. This 
value is the result of the extended computation. Perplexed processes deduce this result by using the 
initial value that is common to a majority of the content processes. That is, each perplexed process 
tabulates as votes the values v(j) for which p(j) is false. The majority vote is for the value favored by 
the correct content processes. 

Proof of Correctness 

The extended computation is correct if (1) all correct processes obtain the same result value, 
and (2) the result value equals the common initial value whenever all correct processes begin with the 
same initial value. 

The second claim is easily proved. If ail correct processes have the same initial value from the 
domain V, then no correct process is perplexed and ail correct processes have alerufalse. The 
binary computation agrees alert* false and all correct processes/ wNch are content, use their initial 
value as the result. 

The first claim has two cases: the binary computation agrees alert « true or alert * false. In the 
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former case, all correct processes select the default value as the result of the extended computation. 
In the latter case, it is necessary to show that all content processes have the same initial value and 
that this value is deduced by all the perplexed processes. This will now be demonstrated. 

Any subset of more than (P + T)/2 processes contains a majority of the correct processes. 
From this basic fact, it follows that each content process has the same initial value as a majority of the 
correct processes. (Observe that (P + T)/2 and (P-T)/2 sum to P.) Since there cannot be two 
distinct majorities, all content processes have the same initial value. 

Since the result of the binary computation is alert -false, there are at least T + 1 correct 
content processes, for otherwise there would be at least P - 2T correct perplexed processes and all 
correct processes would be alert and the result of the binary computation would be alert ■ true. Each 
perplexed process has pO) false for all content processes and possibly for some incorrect processes. 
Since there are at most T incorrect processes, the content processes are a majority of those for which 
pG) is false. Taking a majority vote of the vO) for which pO) Is false produces the value shared by the 
content processes. 

Implementation and Performance Analysis 

Many binary algorithms favor one of the two values in the binary domain. The binary 
algorithms (without authentication) described in [1,2,3,5] all reach agreement for the favored value 
whenever more than T correct processes begin with that value. (Assume that the threshold LOW 
equals T+1 in [1,2,5].) 

In the extended algorithm, the second round together with the binary computation can be 
interpreted as reaching binary agreement on which processes are perplexed, providing agreement is 
reached for perpfexed whenever (P - T)/2 or more correct processes are initially perplexed. If the 
chosen binary algorithm exhibits the bias described above, the second round of the extended 
algorithm can be omitted. (The chosen binary algorithm must require that each process sends all 
other processes initial binary values so that the values in the array p can be set.) 
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A good multivalued Byzantine agreement algorithm is presented in [5]. Agreement is reached 
in 2T + 4 rounds and requires CXP 3 ) messages each comprising 0(log P log |V|) bits. The extension 
described in this paper using the algorithm in [5] to reach binary agreement reaches multivalued 
agreement in 2T + 5 rounds (the second round of the extension is not needed) and requires OfP 3 ) 
messages having 0(log P) bits and OfP 2 ) messages having 0(log |V|) bits. The latter messages are 
sent only in the first round. 

The above analysis shows that the extension of the binary algorithm in [5] yields a multivalued 
algorithm that is cheaper in message bits than the multivalued algorithm described in [5]. The 
extension enables this savings because only in the first round does it send messages whose length 
depends on the size of the value domain. The actual time savings possible depends on a variety of 
factors, including the cost of an additional communication round relative to the cost of sending large 
messages, the size of the value domain, and the bandwidth of the communications network. 

Conclusion 

This paper shows that reaching Byzantine agreement on values from an arbitrary domain is 
not essentially more difficult than reaching binary Byzantine agreement, except for the necessity of 
initially exchanging and comparing values. Using the technique described in this paper to extend a 
good binary algorithm yields a multivalued algorithm faster than those previously published when 
agreement must be reached on large sets of data. 
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